MUNCIE – If any computers or smart phones were to be confiscated during the investigation of recent identity thefts at Ball State University, BSU instructor Vinayak Tanksale’s students would know what to do before examining the evidence.

“Let’s say you go to the crime scene and have a warrant to take this computer back to the lab,” he tells students enrolled in a digital forensics course.

First, you photograph it from all angles, including anything on the screen and any cards plugged into it. Then you take it to the lab and make a copy of the hard drive.

“You never actually work on the hard drive,” he says. “That’s like working on the murder weapon. You make a copy of the hard drive to investigate. You never want to touch the original one. If you change a single zero or one on the hard drive, that is tainted evidence ... and your whole case may go down the drain.”

Tanksale instructs students not to remove a smart phone from a crime scene unless it’s placed in a Faraday cage to prevent connectivity to cellular networks. “If you walk away with a cell phone or smart phone, what if someone sends a text message to it?” Tanksale says. “A smart defense lawyer can say it was modified after you picked it up.”

“I talk about the different threats and investigative techniques,” said Tanksale, whose course includes lectures and labs where students search for a needle in a haystack containing gigabytes of data from real computer hard drives.

Identity theft is one of the threats, as at least 140 Ball State faculty and staff have learned recently. Their Social Security numbers were stolen and used to obtain fraudulent tax refunds in their names.

Other crimes that could be investigated by some of Tanksale’s students in the future include credit card theft, cyber stalking through social media, industrial espionage, child pornography, script kiddies (“high school students who may want bragging rights that they can take down or deface websites”), state-sponsored hacking (“we all know China, they are at it almost continuously in terms of getting government secrets”), and phishing, the instructor said.

“An investigation is under way, but it looks like some sort of phishing attack, where an insider could have fallen prey to it and the hackers got in, took control of their office computer and used that as a launching pad to get more information,” Tanksale says of the data breach that affected Ball State employees.

More than 90 percent of cyber attacks begin with a form of “social engineering,” aka cyber con game, known as “spear phishing,” Paul Buis, chairperson of computer science at Ball State, told The Star Press.

“Someone gets tricked into opening an attachment to an email that contains malware that slips past the malware detection systems on both the email server and on their own computer,” he said. “If that someone has access to sensitive data, the hacker now has access too.”

Instead of casting out thousands of emails randomly hoping a few victims will bite, spear phishers hack into a computer network or comb through websites, blogs and social networks to get some inside information on their targets to convince them emails are legitimate, according to the FBI.

Tanksale’s students can become certified as forensic examiners of desktop computers, but BSU does not offer a specific undergraduate degree in digital forensics. Neither do Indiana University-Bloomington, Purdue University-West Lafayette, Ivy Tech Community College or Indiana State University, spokespersons at those schools told The Star Press.

However, students at Purdue can earn a doctorate with a specialization in cyber forensics or a master’s specializing in cyber forensics, homeland security, and information systems and privacy.